FC2: Audit errors on /var/log/messages (SELinux (?) newbie)
Jan Houtsma
list at houtsma.net
Mon May 24 20:27:17 UTC 2004
Rami Saarinen schreef:
>>>Oh, just as I had posted this message I found the "Fedora Core 2 test2
>>>SELinux FAQ" at
>>>
>>>
>http://mindstorm.ath.cx:8080/fedora-docs/selinux-faq-en/
>
>
>>>That clears out many questions, but does anyone have any good reasons
>>>
>>>
>why
>
>
>>>I should have SELinux turned on? The machine is connected to the
>>>
>>>
>internet
>
>
>>>just few hours a day and I have all the services off on the
>>>system-config-securitylevel.
>>>
>>>I suppose SELinux provides the ACL mechanism, but I'm not sure I need
>>>
>>>
>it
>
>
>>>.. afterall it may be a bit overkill for two-user computer. ;)
>>>
>>>
>>>
>
>
>
>>If you need to disable SELinux , simply edit /etc/sysconfig/selinux and
>>change SELINUX=enforcing (or permissive) to SELINUX=disabled . On older
>>kernel versions , you had to add a option during boot , but it has been
>>disabled.
>>Also , ACL is not related to SELinux. You can disable SELinux without
>>any fear of problems...
>>
>>
>
>
>Thanks Pedro for help. Unfortunately /etc/sysconfig/selinux is missing. Oh
>well, I'll figure out something (like adding the selinux in
>etc/sysconfig).
>
>
Yes, i noticed that as well. I have two servers. One new install and one
upgraded machine.
On the fresh install that file is there. But it's not owned by any package!
# rpm -qf /etc/sysconfig/selinux
file /etc/sysconfig/selinux is not owned by any package
On another server which was an upgrade from core 1 that file is
missing....... as well as other stuff related to
selinux (like for example policy-1.11.3-3 and policycoreutils-1.11-2).
Apparently upgrading is *not* full proof (i was missing several other
things as well)!
Jan
More information about the fedora-list
mailing list